
Commit c74012a

Merge pull request #49 from secureCodeBox/feature/custom-env-vars-in-scans
Allow to Specify ENV Vars in the Scan CRD
2 parents 23770e5 + 6a0f6fe commit c74012a

9 files changed

+635
-0
lines changed

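--- a/operator/apis/execution/v1/scan_types.go
+++ b/operator/apis/execution/v1/scan_types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1
 
 import (
+corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -32,6 +33,9 @@ type ScanSpec struct {
 
 Parameters []string `json:"parameters,omitempty"`
 
+// Env allows to specify environment vars for the scanner container. These will be merged will the env vars specified for the first container of the pod defined in the ScanType
+Env []corev1.EnvVar `json:"env,omitempty"`
+
 Cascades *metav1.LabelSelector `json:"cascades,omitempty"`
 }
 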
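Review bot: The comment on the new `Env` field reads "merged will the env vars" ("will" should be "with"), and it leaves out the property a reviewer of this field most needs to know: `corev1.EnvVar` accepts `valueFrom.secretKeyRef` and `configMapKeyRef`, so anyone permitted to create a Scan can have the scanner container read any Secret or ConfigMap key in that namespace, and the CRD schemas added alongside this hunk expose exactly those selectors. The precedence between a scan-supplied variable and a same-named one from the ScanType is also undocumented. Suggested comment: `// Env adds environment variables to the scanner container; they are appended after the env vars of the first container defined in the ScanType. valueFrom selectors let a Scan author expose any Secret/ConfigMap key in the namespace to the scanner, so Scan create rights should be granted with that in mind.` The ScanSpec struct starts before the hunk.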
operator/apis/execution/v1/zz_generated.deepcopy.go

Lines changed: 7 additions & 0 deletions

operator/config/crd/bases/cascading.experimental.securecodebox.io_cascadingrules.yaml

Lines changed: 104 additions & 0 deletions
@@ -132,6 +132,110 @@ spec:
132132
are ANDed.
133133
type: object
134134
type: object
135+
env:
136+
description: Env allows to specify environment vars for the scanner
137+
container. These will be merged will the env vars specified for
138+
the first container of the pod defined in the ScanType
139+
items:
140+
description: EnvVar represents an environment variable present
141+
in a Container.
142+
properties:
143+
name:
144+
description: Name of the environment variable. Must be a C_IDENTIFIER.
145+
type: string
146+
value:
147+
description: 'Variable references $(VAR_NAME) are expanded
148+
using the previous defined environment variables in the
149+
container and any service environment variables. If a variable
150+
cannot be resolved, the reference in the input string will
151+
be unchanged. The $(VAR_NAME) syntax can be escaped with
152+
a double $$, ie: $$(VAR_NAME). Escaped references will never
153+
be expanded, regardless of whether the variable exists or
154+
not. Defaults to "".'
155+
type: string
156+
valueFrom:
157+
description: Source for the environment variable's value.
158+
Cannot be used if value is not empty.
159+
properties:
160+
configMapKeyRef:
161+
description: Selects a key of a ConfigMap.
162+
properties:
163+
key:
164+
description: The key to select.
165+
type: string
166+
name:
167+
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
168+
TODO: Add other useful fields. apiVersion, kind,
169+
uid?'
170+
type: string
171+
optional:
172+
description: Specify whether the ConfigMap or its
173+
key must be defined
174+
type: boolean
175+
required:
176+
- key
177+
type: object
178+
fieldRef:
179+
description: 'Selects a field of the pod: supports metadata.name,
180+
metadata.namespace, metadata.labels, metadata.annotations,
181+
spec.nodeName, spec.serviceAccountName, status.hostIP,
182+
status.podIP, status.podIPs.'
183+
properties:
184+
apiVersion:
185+
description: Version of the schema the FieldPath is
186+
written in terms of, defaults to "v1".
187+
type: string
188+
fieldPath:
189+
description: Path of the field to select in the specified
190+
API version.
191+
type: string
192+
required:
193+
- fieldPath
194+
type: object
195+
resourceFieldRef:
196+
description: 'Selects a resource of the container: only
197+
resources limits and requests (limits.cpu, limits.memory,
198+
limits.ephemeral-storage, requests.cpu, requests.memory
199+
and requests.ephemeral-storage) are currently supported.'
200+
properties:
201+
containerName:
202+
description: 'Container name: required for volumes,
203+
optional for env vars'
204+
type: string
205+
divisor:
206+
description: Specifies the output format of the exposed
207+
resources, defaults to "1"
208+
type: string
209+
resource:
210+
description: 'Required: resource to select'
211+
type: string
212+
required:
213+
- resource
214+
type: object
215+
secretKeyRef:
216+
description: Selects a key of a secret in the pod's namespace
217+
properties:
218+
key:
219+
description: The key of the secret to select from. Must
220+
be a valid secret key.
221+
type: string
222+
name:
223+
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
224+
TODO: Add other useful fields. apiVersion, kind,
225+
uid?'
226+
type: string
227+
optional:
228+
description: Specify whether the Secret or its key
229+
must be defined
230+
type: boolean
231+
required:
232+
- key
233+
type: object
234+
type: object
235+
required:
236+
- name
237+
type: object
238+
type: array
135239
parameters:
136240
items:
137241
type: string

operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml

Lines changed: 101 additions & 0 deletions
@@ -105,6 +105,107 @@ spec:
105105
are ANDed.
106106
type: object
107107
type: object
108+
env:
109+
description: Env allows to specify environment vars for the scanner
110+
container. These will be merged will the env vars specified for the
111+
first container of the pod defined in the ScanType
112+
items:
113+
description: EnvVar represents an environment variable present in
114+
a Container.
115+
properties:
116+
name:
117+
description: Name of the environment variable. Must be a C_IDENTIFIER.
118+
type: string
119+
value:
120+
description: 'Variable references $(VAR_NAME) are expanded using
121+
the previous defined environment variables in the container
122+
and any service environment variables. If a variable cannot
123+
be resolved, the reference in the input string will be unchanged.
124+
The $(VAR_NAME) syntax can be escaped with a double $$, ie:
125+
$$(VAR_NAME). Escaped references will never be expanded, regardless
126+
of whether the variable exists or not. Defaults to "".'
127+
type: string
128+
valueFrom:
129+
description: Source for the environment variable's value. Cannot
130+
be used if value is not empty.
131+
properties:
132+
configMapKeyRef:
133+
description: Selects a key of a ConfigMap.
134+
properties:
135+
key:
136+
description: The key to select.
137+
type: string
138+
name:
139+
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
140+
TODO: Add other useful fields. apiVersion, kind, uid?'
141+
type: string
142+
optional:
143+
description: Specify whether the ConfigMap or its key
144+
must be defined
145+
type: boolean
146+
required:
147+
- key
148+
type: object
149+
fieldRef:
150+
description: 'Selects a field of the pod: supports metadata.name,
151+
metadata.namespace, metadata.labels, metadata.annotations,
152+
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP,
153+
status.podIPs.'
154+
properties:
155+
apiVersion:
156+
description: Version of the schema the FieldPath is written
157+
in terms of, defaults to "v1".
158+
type: string
159+
fieldPath:
160+
description: Path of the field to select in the specified
161+
API version.
162+
type: string
163+
required:
164+
- fieldPath
165+
type: object
166+
resourceFieldRef:
167+
description: 'Selects a resource of the container: only resources
168+
limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage,
169+
requests.cpu, requests.memory and requests.ephemeral-storage)
170+
are currently supported.'
171+
properties:
172+
containerName:
173+
description: 'Container name: required for volumes, optional
174+
for env vars'
175+
type: string
176+
divisor:
177+
description: Specifies the output format of the exposed
178+
resources, defaults to "1"
179+
type: string
180+
resource:
181+
description: 'Required: resource to select'
182+
type: string
183+
required:
184+
- resource
185+
type: object
186+
secretKeyRef:
187+
description: Selects a key of a secret in the pod's namespace
188+
properties:
189+
key:
190+
description: The key of the secret to select from. Must
191+
be a valid secret key.
192+
type: string
193+
name:
194+
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
195+
TODO: Add other useful fields. apiVersion, kind, uid?'
196+
type: string
197+
optional:
198+
description: Specify whether the Secret or its key must
199+
be defined
200+
type: boolean
201+
required:
202+
- key
203+
type: object
204+
type: object
205+
required:
206+
- name
207+
type: object
208+
type: array
108209
parameters:
109210
items:
110211
type: string

operator/config/crd/bases/execution.experimental.securecodebox.io_scheduledscans.yaml

Lines changed: 104 additions & 0 deletions
@@ -121,6 +121,110 @@ spec:
121121
are ANDed.
122122
type: object
123123
type: object
124+
env:
125+
description: Env allows to specify environment vars for the scanner
126+
container. These will be merged will the env vars specified for
127+
the first container of the pod defined in the ScanType
128+
items:
129+
description: EnvVar represents an environment variable present
130+
in a Container.
131+
properties:
132+
name:
133+
description: Name of the environment variable. Must be a C_IDENTIFIER.
134+
type: string
135+
value:
136+
description: 'Variable references $(VAR_NAME) are expanded
137+
using the previous defined environment variables in the
138+
container and any service environment variables. If a variable
139+
cannot be resolved, the reference in the input string will
140+
be unchanged. The $(VAR_NAME) syntax can be escaped with
141+
a double $$, ie: $$(VAR_NAME). Escaped references will never
142+
be expanded, regardless of whether the variable exists or
143+
not. Defaults to "".'
144+
type: string
145+
valueFrom:
146+
description: Source for the environment variable's value.
147+
Cannot be used if value is not empty.
148+
properties:
149+
configMapKeyRef:
150+
description: Selects a key of a ConfigMap.
151+
properties:
152+
key:
153+
description: The key to select.
154+
type: string
155+
name:
156+
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
157+
TODO: Add other useful fields. apiVersion, kind,
158+
uid?'
159+
type: string
160+
optional:
161+
description: Specify whether the ConfigMap or its
162+
key must be defined
163+
type: boolean
164+
required:
165+
- key
166+
type: object
167+
fieldRef:
168+
description: 'Selects a field of the pod: supports metadata.name,
169+
metadata.namespace, metadata.labels, metadata.annotations,
170+
spec.nodeName, spec.serviceAccountName, status.hostIP,
171+
status.podIP, status.podIPs.'
172+
properties:
173+
apiVersion:
174+
description: Version of the schema the FieldPath is
175+
written in terms of, defaults to "v1".
176+
type: string
177+
fieldPath:
178+
description: Path of the field to select in the specified
179+
API version.
180+
type: string
181+
required:
182+
- fieldPath
183+
type: object
184+
resourceFieldRef:
185+
description: 'Selects a resource of the container: only
186+
resources limits and requests (limits.cpu, limits.memory,
187+
limits.ephemeral-storage, requests.cpu, requests.memory
188+
and requests.ephemeral-storage) are currently supported.'
189+
properties:
190+
containerName:
191+
description: 'Container name: required for volumes,
192+
optional for env vars'
193+
type: string
194+
divisor:
195+
description: Specifies the output format of the exposed
196+
resources, defaults to "1"
197+
type: string
198+
resource:
199+
description: 'Required: resource to select'
200+
type: string
201+
required:
202+
- resource
203+
type: object
204+
secretKeyRef:
205+
description: Selects a key of a secret in the pod's namespace
206+
properties:
207+
key:
208+
description: The key of the secret to select from. Must
209+
be a valid secret key.
210+
type: string
211+
name:
212+
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
213+
TODO: Add other useful fields. apiVersion, kind,
214+
uid?'
215+
type: string
216+
optional:
217+
description: Specify whether the Secret or its key
218+
must be defined
219+
type: boolean
220+
required:
221+
- key
222+
type: object
223+
type: object
224+
required:
225+
- name
226+
type: object
227+
type: array
124228
parameters:
125229
items:
126230
type: string

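--- a/operator/controllers/execution/scan_controller.go
+++ b/operator/controllers/execution/scan_controller.go
@@ -640,6 +640,12 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanType *e
 scan.Spec.Parameters...,
 )
 
+// Merge Env from ScanTemplate with Env defined in scan
+job.Spec.Template.Spec.Containers[0].Env = append(
+job.Spec.Template.Spec.Containers[0].Env,
+scan.Spec.Env...,
+)
+
 // Using command over args
 job.Spec.Template.Spec.Containers[0].Command = command
 job.Spec.Template.Spec.Containers[0].Args = nil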
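Review bot: The `append` on the added lines merges the two env lists without handling duplicate names, so a Scan that sets a variable the ScanType already defines yields a container spec with two entries of the same `Name`, and which one takes effect is then left to the kubelet rather than stated by this code; the comment on the first added line says "Merge" without saying which side wins. If the intent is that scan-level values override the template, resolve it explicitly by replacing same-named entries instead of appending; if the template must win, skip such entries. Either way the comment should state the rule, since for `valueFrom`-backed entries the winner also decides which Secret or ConfigMap key the scanner reads. constructJobForScan starts and ends outside the hunk.
```go
// … unchanged: command/parameter assembly above …
// Merge Env from the ScanType with Env defined in the Scan; a Scan entry
// with the same Name replaces the template entry instead of duplicating it.
merged := job.Spec.Template.Spec.Containers[0].Env
for _, scanEnv := range scan.Spec.Env {
	replaced := false
	for i := range merged {
		if merged[i].Name == scanEnv.Name {
			merged[i] = scanEnv
			replaced = true
			break
		}
	}
	if !replaced {
		merged = append(merged, scanEnv)
	}
}
job.Spec.Template.Spec.Containers[0].Env = merged
// … unchanged: command/args assignment …
```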
